Please do not report security vulnerabilities through public GitHub issues.

To report a vulnerability, use GitHub's private vulnerability reporting.

Include as much of the following as possible:

• Description of the vulnerability and its potential impact
• Steps to reproduce or a proof-of-concept
• Affected version(s)
• Any suggested mitigations

You can expect an acknowledgement within 72 hours and a resolution or status update within 14 days.

Once a fix is available, the vulnerability will be disclosed publicly via a GitHub Security Advisory. Credit will be given to the reporter unless anonymity is requested.